Which Sourcefire logging action should you choose to record the most detail about a connection?
A . Enable logging at the end of the session.
B . Enable logging at the beginning of the session.
C . Enable alerts via SNMP to log events off-box.
D . Enable eStreamer to log events off-box.
Answer: A
Explanation:
FirePOWER (former Sourcefire)
Logging the Beginning And End of Connections
When the system detects a connection, in most cases you can log it at its beginning and its end. For a single non-blocked connection, the end-of-connection event contains all of the information in the beginning-of-connection event, as well as information gathered over the duration of the session.
Source: http://www.cisco.com/c/en/us/td/docs/security/firesight/541/firepower-module-userguide/asa-firepower- module-user-guide-v541/AC-Connection-Logging.html#15726
Leave a Reply